SysCall: Made SMEP, SMAP, PAN optional features.

MdeModulePkg/Core/Dxe/SysCall/AARCH64/InitializeMsr.c

@@ -173,9 +173,6 @@ InitializeMsr (
     // Enable Privileged Access Never feature.
     //
     ArmSetPan ();
-  } else {
-    DEBUG ((DEBUG_ERROR, "Core: Failed to initialize MSRs for Ring3.\n"));
-    ASSERT (FALSE);
   }
 
   InitializeSysCallHandler ((VOID *)SysCallBootService);
@@ -187,7 +184,9 @@ DisableSMAP (
   VOID
   )
 {
-  ArmClearPan ();
+  if (ArmHasPan ()) {
+    ArmClearPan ();
+  }
 }
 
 VOID
@@ -196,7 +195,9 @@ EnableSMAP (
   VOID
   )
 {
-  ArmSetPan ();
+  if (ArmHasPan ()) {
+    ArmSetPan ();
+  }
 }
 
 EFI_STATUS

MdeModulePkg/Core/Dxe/SysCall/ARM/InitializeMsr.c

@@ -105,12 +105,6 @@ InitializeMsr (
     // Enable Privileged Access Never feature.
     //
     ArmSetPan ();
-  } else {
-    //
-    // TODO: Refactoring.
-    //
-    DEBUG ((DEBUG_ERROR, "Core: Failed to initialize MSRs for Ring3.\n"));
-    // ASSERT (FALSE);
   }
 
   InitializeSysCallHandler (SysCallBootService);

MdeModulePkg/Core/Dxe/SysCall/IA32/InitializeMsr.c

@@ -27,14 +27,9 @@ InitializeMsr (
 
   //
   // Forbid supervisor-mode accesses to any user-mode pages.
-  // SMEP and SMAP must be supported.
   //
   AsmCpuidEx (0x07, 0x0, NULL, &Ebx, NULL, NULL);
-  //
+  if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0)) {
-  // SYSENTER and SYSEXIT must be also supported.
-  //
-  AsmCpuidEx (0x01, 0x0, NULL, NULL, NULL, &Edx);
-  if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0) && ((Edx & BIT11) != 0)) {
     Cr4.UintN     = AsmReadCr4 ();
     Cr4.Bits.SMAP = 1;
     Cr4.Bits.SMEP = 1;
@@ -43,9 +38,15 @@ InitializeMsr (
     Eflags.UintN   = AsmReadEflags ();
     Eflags.Bits.AC = 0;
     AsmWriteEflags (Eflags.UintN);
-  } else {
+  }
-    DEBUG ((DEBUG_ERROR, "Core: Failed to initialize MSRs for Ring3.\n"));
+
-    ASSERT (FALSE);
+  //
+  // SYSENTER and SYSEXIT must be supported.
+  //
+  AsmCpuidEx (0x01, 0x0, NULL, NULL, NULL, &Edx);
+  if ((Edx & BIT11) == 0) {
+    DEBUG ((DEBUG_ERROR, "Core: SYSENTER and SYSEXIT are not supported.\n"));
+    CpuDeadLoop ();
   }
 
   //

MdeModulePkg/Core/Dxe/SysCall/X64/InitializeMsr.c

@@ -28,14 +28,9 @@ InitializeMsr (
 
   //
   // Forbid supervisor-mode accesses to any user-mode pages.
-  // SMEP and SMAP must be supported.
   //
   AsmCpuidEx (0x07, 0x0, NULL, &Ebx, NULL, NULL);
-  //
+  if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0)) {
-  // SYSCALL and SYSRET must be also supported.
-  //
-  AsmCpuidEx (0x80000001, 0x0, NULL, NULL, NULL, &Edx);
-  if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0) && ((Edx & BIT11) != 0)) {
     Cr4.UintN     = AsmReadCr4 ();
     Cr4.Bits.SMAP = 1;
     Cr4.Bits.SMEP = 1;
@@ -44,15 +39,19 @@ InitializeMsr (
     Eflags.UintN   = AsmReadEflags ();
     Eflags.Bits.AC = 0;
     AsmWriteEflags (Eflags.UintN);
-    //
+  }
-    // Enable SYSCALL and SYSRET.
+
-    //
+  //
+  // Enable SYSCALL and SYSRET.
+  //
+  AsmCpuidEx (0x80000001, 0x0, NULL, NULL, NULL, &Edx);
+  if ((Edx & BIT11) != 0) {
     MsrEfer.Uint64   = AsmReadMsr64 (MSR_IA32_EFER);
     MsrEfer.Bits.SCE = 1;
     AsmWriteMsr64 (MSR_IA32_EFER, MsrEfer.Uint64);
   } else {
-    DEBUG ((DEBUG_ERROR, "Core: Failed to initialize MSRs for Ring3.\n"));
+    DEBUG ((DEBUG_ERROR, "Core: SYSCALL and SYSRET are not supported.\n"));
-    ASSERT (FALSE);
+    CpuDeadLoop ();
   }
 
   //